Search Our Database
How to install ConfigServer Security and Firewall (csf) in Linux
Introduction
ConfigServer Security & Firewall (CSF) is a popular security tool for Linux servers, providing firewall capabilities, brute-force detection, and login monitoring. This guide outlines a general process for installing CSF on any Linux distribution, detailing each step from downloading the package to configuring CSF’s settings. This tutorial covers various package managers (apt, dnf, yum, and zypper) to accommodate different Linux distributions.
Prerequisites
- A Linux server with root or sudo privileges.
- Terminal or SSH access to the server.
- Familiarity with text editors like vi, nano, or vim.
Step-by-Step Guide
Step 1: Log in to Your Linux Server
Access your server by logging in with a user account that has sudo privileges.
Step 2: Update System Packages
Ensure all installed packages on your system are up-to-date. Run the following command based on your Linux distribution’s package manager:
# Debian/Ubuntu-based systems sudo apt update && sudo apt upgrade -y # Red Hat/CentOS/AlmaLinux/Rocky Linux/Fedora sudo dnf update -y sudo yum update -y # if using yum # openSUSE/SUSE Linux Enterprise sudo zypper refresh && sudo zypper update -y
Step 3: Install Required Dependencies
CSF requires several Perl modules and utilities. Use the appropriate command for your distribution to install these dependencies:
# Debian/Ubuntu-based systems sudo apt install libwww-perl libperl4-corelibs-perl liblwp-protocol-https-perl wget -y # Red Hat/CentOS/AlmaLinux/Rocky Linux/Fedora sudo dnf install perl-libwww-perl perl-Math-BigInt wget -y sudo yum install perl-libwww-perl perl-Math-BigInt wget -y # if using yum # openSUSE/SUSE Linux Enterprise sudo zypper install perl-libwww-perl perl-Math-BigInt wget -y
Step 4: Download the CSF Installation Files
Download the CSF archive to the /usr/src directory or any other suitable directory on your server:
cd /usr/src wget https://download.configserver.com/csf.tgz
Step 5: Extract the CSF Files
Extract the downloaded CSF archive using tar. If tar is not installed on your system, install it with your package manager (apt, dnf, yum, or zypper).
tar xzf csf.tgz cd csf
Step 6: Run the CSF Installation Script
Run the installation script provided with CSF and check compatibility with your server’s firewall modules:
sudo sh install.sh sudo perl /usr/local/csf/bin/csftest.pl
The output should confirm that CSF can function on the server, showing lines like:
Testing ip_tables/iptable_filter...OK Testing ipt_LOG...OK ... RESULT: csf should function on this server
Step 7: Configure CSF
To activate CSF, edit the configuration file and disable testing mode. Open the file using vi, vim, or nano:
sudo vi /etc/csf/csf.conf
In the configuration file, locate TESTING = “1” and change it to TESTING = “0”. This step is essential to enable CSF. You may also specify allowed incoming and outgoing ports.
Step 8: Start and Enable CSF and LFD Services
Start CSF and its companion service, Login Failure Daemon (LFD), and set them to start on boot.
sudo systemctl restart csf && sudo systemctl restart lfd sudo systemctl enable csf && sudo systemctl enable lfd sudo systemctl status csf && sudo systemctl status lfd
Step 9: Verify the CSF Installation
To confirm the CSF installation, check its version:
csf -v
Step 10: Review the CSF Manual
CSF includes a comprehensive manual that can help users understand its capabilities and configuration options. Use the following command to access it:
man csf
Conclusion
CSF is now installed and running on your Linux server, ready to manage firewall rules and enhance server security. For additional options and commands, consult the CSF manual.
Should you have any inquiries about the guidelines, please feel free to open a ticket through your portal account or contact us at support@ipserverone.com. We’ll be happy to assist you further.